Cybercrime: A Black Market Price List From The Dark Web

What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.

1 of 10

Image Source: Adobe Stock

There's no better lesson in the mechanics of a free market than watching a black market at work. And in this era of cybercrime, there may be no better observational laboratory of black market dynamics than on the Dark Web. For years now, security researchers have observed the evolution of the cybercrime economy, as malware authors, identity thieves and fraudsters have peddled their wares in a marketplace that has grown increasingly specialized in its division of labor.

Today, the menu of options is staggering, with many widely available items and services becoming quickly commoditized. Social security numbers, stolen credit card numbers and full identity information run for as cheap as a few bucks each. Botnet booter rentals can be had for under $100 a day to conduct DDoS and stressor campaigns against targets. And many malware authors offer both software for sale and malware-as-a-service in the SaaS model for a range of prices.

Additional services and differentiated items like 0-day vulnerability information net attackers more lucrative price points, as attackers seek out the means for targeted campaigns. The illicit shops and salespeople on the Deep Web operate as true businesses, with many components of committing cybercrime bundled in special discount packages for customers seeking the best bang for their criminal buck. It is truly a complex and sophisticated economy out there.

We've compiled some of the prices to give readers a feel for how cheaply crooks can get started in their criminal enterprises. All prices are given in USD, unless otherwise noted.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Published: 2017-05-09NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.